Programs commonly running in the background in VIsta

Windows is basically just a collection of components, and at any given time, some of those components may be loaded into memory and listed as running processes in Task Manager. In fact, you'll probably see more programs running than you expected, especially after you turn on Task Manager's Show processes from all users option.

If you see a program you don't recognize, don't panic; it's not necessarily malware, but then again, it's not necessary legitimate. See the list of those items commonly found on most Windows Vista systems.

csrss.exe

Called the Client Server Runtime Process, csrss.exe is an essential Windows component, as it handles the user-mode portion of the Win32 subsystem. It is also a common target for viruses, so if this process appears to be consuming a lot of CPU cycles on your system, you should update and run your antivirus software.

explorer.exe

This is simply Windows Explorer, which is responsible for your desktop and Start menu. If this program crashes or is closed, Windows will usually start it again automatically. If you see more than one instance of explorer.exe, it means that each folder window is being launched as a separate process.

lsass.exe

This is the Local Security Authority subsystem, responsible for authenticating users on your system.

rundll32.exe

This program, the purpose of which is to launch a function in a DLL as though it were a separate program, is used for about a million different things in Windows.

services.exe

This is the Windows NT Service Control Manager, and works similarly to svchost.exe, described shortly. The difference is that services.exe runs services that are processes, and svchost.exe runs services that are DLLs.

smss.exe

Called the Windows NT Session Manager, smss.exe is an essential Windows component. Among other things, it runs programs listed in the HKEY_ LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager key in the Registry.

spoolsv.exe

This handles printing and print spooling (queuing).

svchost.exe

This is the application responsible for launching most services (listed in services.msc). See the upcoming What Is Svchost? for details. See also services.exe.

System

This is the System process, an essential Windows component.

System Idle Process

The "idle" process is a 16k loop, used to occupy all CPU cycles not consumed by other running
processes. The higher the number in the CPU column (99% being the maximum), the less your processor is being used by the currently running programs.

winlogon.exe

This process manages security-related user interactions, such as logon and logoff requests, locking or unlocking the machine, changing the password, and the remote Registry service.

wmiprvse.exe

This is responsible for WMI (Windows Management Instrumentation) support in Windows Vista, also known as WBEM. Like csrss.exe, above, wmiprvse.exe is a common target for viruses, so if this process appears to be consuming a lot of CPU cycles on your system, you should update and run your antivirus software.

Naturally, you shouldn't interfere with the components Windows requires to operate while you're looking for errant programs or programs you can get along without. And just because something isn't listed here doesn't mean it isn't required by your system, so use caution when ending a process with which you're unfamiliar.

Tags: antivirus,cpu,security,wmi

Related Articles